On September 25, 2013 Venable hosted Cyber Sticks and Carrots – How the NIST Cybersecurity Framework, Incentives, and the SAFETY Act Affect You in its Washington, DC office to discuss key insights and industry updates on President Obama’s executive order earlier this year creating a voluntary cybersecurity framework for utilities and other critical infrastructure companies. Former Deputy Secretary of Homeland Security Jane Holl Lute who is the current President and CEO of the Council on Cybersecurity, a nonprofit organization founded earlier this year to help improve internet security, was the featured speaker.
For more than two years, Congress has struggled to pass cybersecurity legislation that would permit broad liability exemptions for industries that share information about cyber attacks. Venable partner and retired Navy Rear Admiral Jamie Barnett, who moderated the panel, commented on the issue, saying “no legislation seems likely in the short term,” but added that the executive order “is pushing the envelope on information sharing...Ultimately, legislation will be needed.”
For now, Venable attorneys said industries can use the SAFETY Act – a post-9/11 law designed to boost development of counterterrorism technologies – to earn recognition from the Department of Homeland Security (DHS) for liability exemptions tied to products and services used in counterterrorism activities, including cybersecurity. Partner Diz Locaria, who spoke at the event, showed companies how to procure DHS “designation” and “certification” under the SAFETY Act for liability limitations. The Act “could be one of the tools in your toolbox to limit liability as it relates to cybersecurity,” Locaria told industry officials.
He added that the Obama administration’s upcoming framework for voluntary cybersecurity standards, established by the president’s executive order issued in February, will offer a “baseline” allowing companies to “demonstrate the effectiveness” of cybersecurity measures to DHS and gain protections under the SAFETY Act.
Associate Jason Wool also spoke at the event, and highlighted a DHS proposed list of incentives which included collaboration with the insurance industry, rate recovery for regulated industries like electric utilities, and technical assistance. Wool noted that liability limitations also made the list, but the issue is still “being studied.”
Inside Cybersecurity featured news of this event in an article on September 27, 2013.
For more than two years, Congress has struggled to pass cybersecurity legislation that would permit broad liability exemptions for industries that share information about cyber attacks. Venable partner and retired Navy Rear Admiral Jamie Barnett, who moderated the panel, commented on the issue, saying “no legislation seems likely in the short term,” but added that the executive order “is pushing the envelope on information sharing...Ultimately, legislation will be needed.”
For now, Venable attorneys said industries can use the SAFETY Act – a post-9/11 law designed to boost development of counterterrorism technologies – to earn recognition from the Department of Homeland Security (DHS) for liability exemptions tied to products and services used in counterterrorism activities, including cybersecurity. Partner Diz Locaria, who spoke at the event, showed companies how to procure DHS “designation” and “certification” under the SAFETY Act for liability limitations. The Act “could be one of the tools in your toolbox to limit liability as it relates to cybersecurity,” Locaria told industry officials.
He added that the Obama administration’s upcoming framework for voluntary cybersecurity standards, established by the president’s executive order issued in February, will offer a “baseline” allowing companies to “demonstrate the effectiveness” of cybersecurity measures to DHS and gain protections under the SAFETY Act.
Associate Jason Wool also spoke at the event, and highlighted a DHS proposed list of incentives which included collaboration with the insurance industry, rate recovery for regulated industries like electric utilities, and technical assistance. Wool noted that liability limitations also made the list, but the issue is still “being studied.”
Inside Cybersecurity featured news of this event in an article on September 27, 2013.